Commit 213f3b7d authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

keymgr: possibility of not using any of -c -C -d if default path

parent c4667147
......@@ -34,7 +34,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.sp
\fBkeymgr\fP \fIbasic_option\fP [\fIparameters\fP\&...]
.sp
\fBkeymgr\fP \fIconfig_option\fP \fIconfig_storage\fP \fIzone_name\fP \fIaction\fP \fIparameters\fP\&...
\fBkeymgr\fP [\fIconfig_option\fP \fIconfig_storage\fP] \fIzone_name\fP \fIaction\fP \fIparameters\fP\&...
.SH DESCRIPTION
.sp
The \fBkeymgr\fP utility serves for key management in Knot DNS server.
......@@ -166,7 +166,7 @@ Import a key from BIND:
.sp
.nf
.ft C
$ keymgr \-d ${knot_data_dir}/keys example.com. import\-bind ~/bind/Kharbinge4d5.+007+63089.key
$ keymgr example.com. import\-bind ~/bind/Kharbinge4d5.+007+63089.key
.ft P
.fi
.UNINDENT
......@@ -178,7 +178,7 @@ Generate new key:
.sp
.nf
.ft C
$ keymgr \-c ${knot_data_dir}/knot.conf example.com. generate algorithm=ECDSAP256SHA256 size=256 \e
$ keymgr example.com. generate algorithm=ECDSAP256SHA256 size=256 \e
ksk=true created=1488034625 publish=20170223205611 retire=now+10mo remove=now+1y
.ft P
.fi
......@@ -8,7 +8,7 @@ Synopsis
:program:`keymgr` *basic_option* [*parameters*...]
:program:`keymgr` *config_option* *config_storage* *zone_name* *action* *parameters*...
:program:`keymgr` [*config_option* *config_storage*] *zone_name* *action* *parameters*...
Description
-----------
......@@ -131,11 +131,11 @@ Examples
2. Import a key from BIND::
$ keymgr -d ${knot_data_dir}/keys example.com. import-bind ~/bind/Kharbinge4d5.+007+63089.key
$ keymgr example.com. import-bind ~/bind/Kharbinge4d5.+007+63089.key
3. Generate new key::
$ keymgr -c ${knot_data_dir}/knot.conf example.com. generate algorithm=ECDSAP256SHA256 size=256 \
$ keymgr example.com. generate algorithm=ECDSAP256SHA256 size=256 \
ksk=true created=1488034625 publish=20170223205611 retire=now+10mo remove=now+1y
4. Configure key timing::
......@@ -15,6 +15,7 @@
*/
#include <stdlib.h>
#include <sys/stat.h>
#include "knot/conf/conf.h"
#include "knot/dnssec/zone-keys.h"
......@@ -58,126 +59,16 @@ static void print_help(void)
PROGRAM_NAME);
}
static bool init_conf(const char *confdb)
{
conf_flag_t flags = CONF_FNOHOSTNAME | CONF_FOPTMODULES;
if (confdb != NULL) {
flags |= CONF_FREADONLY;
}
conf_t *new_conf = NULL;
int ret = conf_new(&new_conf, conf_scheme, confdb, flags);
if (ret != KNOT_EOK) {
printf("Failed opening configuration database %s (%s)\n",
(confdb == NULL ? "" : confdb), knot_strerror(ret));
return false;
}
conf_update(new_conf, CONF_UPD_FNONE);
return true;
}
static bool init_confile(const char *confile)
static int key_command(int argc, char *argv[])
{
int ret = conf_import(conf(), confile, true);
if (ret != KNOT_EOK) {
printf("Failed opening configuration file %s (%s)\n",
confile, knot_strerror(ret));
return false;
}
return true;
}
static bool init_conf_blank(const char *kasp_dir)
{
char confstr[200 + strlen(kasp_dir)];
snprintf(confstr, sizeof(confstr),
"template:\n - id: default\n storage: .\n kasp-db: %s\n", kasp_dir);
int ret = conf_import(conf(), confstr, false);
if (ret != KNOT_EOK) {
printf("Failed creating fake configuration (%s)\n",
knot_strerror(ret));
return false;
}
return true;
}
int main(int argc, char *argv[])
{
if (argc <= 1) {
print_help();
return EXIT_SUCCESS;
}
if (strcmp(argv[1], "--help") == 0) {
print_help();
return EXIT_SUCCESS;
}
if (strcmp(argv[1], "--version") == 0) {
print_version(PROGRAM_NAME);
return EXIT_SUCCESS;
}
if (strlen(argv[1]) != 2 || argv[1][0] != '-') {
printf("Bad argument: %s\n", argv[1]);
print_help();
return EXIT_FAILURE;
}
#define check_argc_three if (argc < 3) { \
printf("Option %s requires an argument.\n", argv[1]); \
print_help(); \
return EXIT_FAILURE; \
}
switch (argv[1][1]) {
case 'h':
print_help();
return EXIT_SUCCESS;
case 'V':
print_version(PROGRAM_NAME);
return EXIT_SUCCESS;
case 'd':
check_argc_three
if (!init_conf(NULL) || !init_conf_blank(argv[2])) {
return EXIT_FAILURE;
}
break;
case 'c':
check_argc_three
if (!init_conf(NULL) || !init_confile(argv[2])) {
return EXIT_FAILURE;
}
break;
case 'C':
check_argc_three
if (!init_conf(argv[2])) {
return EXIT_FAILURE;
}
break;
case 't':
check_argc_three
int tret = keymgr_generate_tsig(argv[2], (argc >= 4 ? argv[3] : "hmac-sha256"),
(argc >= 5 ? atol(argv[4]) : 0));
if (tret != KNOT_EOK) {
printf("Failed to generate TSIG (%s)\n", knot_strerror(tret));
}
return (tret == KNOT_EOK ? EXIT_SUCCESS : EXIT_FAILURE);
default:
printf("Wrong option: %s\n", argv[1]);
print_help();
return EXIT_FAILURE;
}
#undef check_argc_three
if (argc < 5) {
if (argc < 2) {
printf("Zone name and/or command not specified.\n");
print_help();
return EXIT_FAILURE;
return KNOT_EINVAL;
}
knot_dname_t *zone_name = knot_dname_from_str_alloc(argv[3]);
knot_dname_t *zone_name = knot_dname_from_str_alloc(argv[0]);
if (zone_name == NULL) {
return EXIT_FAILURE;
return KNOT_ENOMEM;
}
(void)knot_dname_to_lower(zone_name);
......@@ -198,63 +89,63 @@ int main(int argc, char *argv[])
goto main_end;
}
if (strcmp(argv[4], "generate") == 0) {
ret = keymgr_generate_key(&kctx, argc - 5, argv + 5);
} else if (strcmp(argv[4], "import-bind") == 0) {
if (argc < 6) {
if (strcmp(argv[1], "generate") == 0) {
ret = keymgr_generate_key(&kctx, argc - 2, argv + 2);
} else if (strcmp(argv[1], "import-bind") == 0) {
if (argc < 3) {
printf("BIND-style key to import not specified.\n");
ret = KNOT_EINVAL;
goto main_end;
}
ret = keymgr_import_bind(&kctx, argv[5]);
} else if (strcmp(argv[4], "set") == 0) {
if (argc < 6) {
ret = keymgr_import_bind(&kctx, argv[2]);
} else if (strcmp(argv[1], "set") == 0) {
if (argc < 3) {
printf("Key is not specified.\n");
ret = KNOT_EINVAL;
goto main_end;
}
knot_kasp_key_t *key2set;
ret = keymgr_get_key(&kctx, argv[5], &key2set);
ret = keymgr_get_key(&kctx, argv[2], &key2set);
if (ret == KNOT_EOK) {
ret = keymgr_set_timing(key2set, argc - 6, argv + 6);
ret = keymgr_set_timing(key2set, argc - 3, argv + 3);
if (ret == KNOT_EOK) {
ret = kdnssec_ctx_commit(&kctx);
}
}
} else if (strcmp(argv[4], "list") == 0) {
} else if (strcmp(argv[1], "list") == 0) {
ret = keymgr_list_keys(&kctx);
} else if (strcmp(argv[4], "ds") == 0) {
if (argc < 6) {
} else if (strcmp(argv[1], "ds") == 0) {
if (argc < 3) {
printf("Key is not specified.\n");
ret = KNOT_EINVAL;
goto main_end;
}
knot_kasp_key_t *key2ds;
ret = keymgr_get_key(&kctx, argv[5], &key2ds);
ret = keymgr_get_key(&kctx, argv[2], &key2ds);
if (ret == KNOT_EOK) {
ret = keymgr_generate_ds(zone_name, key2ds);
}
} else if (strcmp(argv[4], "share") == 0) {
} else if (strcmp(argv[1], "share") == 0) {
knot_dname_t *other_zone = NULL;
char *key_to_share = NULL;
if (keymgr_foreign_key_id(argc - 5, argv + 5, "be shared", &other_zone, &key_to_share) == KNOT_EOK) {
if (keymgr_foreign_key_id(argc - 2, argv + 2, "be shared", &other_zone, &key_to_share) == KNOT_EOK) {
ret = kasp_db_share_key(*kctx.kasp_db, other_zone, kctx.zone->dname, key_to_share);
}
free(other_zone);
free(key_to_share);
} else if (strcmp(argv[4], "delete") == 0) {
if (argc < 6) {
} else if (strcmp(argv[1], "delete") == 0) {
if (argc < 3) {
printf("Key is not specified.\n");
ret = KNOT_EINVAL;
goto main_end;
}
knot_kasp_key_t *key2del;
ret = keymgr_get_key(&kctx, argv[5], &key2del);
ret = keymgr_get_key(&kctx, argv[2], &key2del);
if (ret == KNOT_EOK) {
ret = kdnssec_delete_key(&kctx, key2del);
}
} else {
printf("Wrong zone-key command: %s\n", argv[4]);
printf("Wrong zone-key command: %s\n", argv[1]);
goto main_end;
}
......@@ -268,6 +159,137 @@ main_end:
kdnssec_ctx_deinit(&kctx);
kasp_db_close(kaspdb());
free(zone_name);
return ret;
}
static bool init_conf(const char *confdb)
{
conf_flag_t flags = CONF_FNOHOSTNAME | CONF_FOPTMODULES;
if (confdb != NULL) {
flags |= CONF_FREADONLY;
}
conf_t *new_conf = NULL;
int ret = conf_new(&new_conf, conf_scheme, confdb, flags);
if (ret != KNOT_EOK) {
printf("Failed opening configuration database %s (%s)\n",
(confdb == NULL ? "" : confdb), knot_strerror(ret));
return false;
}
conf_update(new_conf, CONF_UPD_FNONE);
return true;
}
static bool init_confile(const char *confile)
{
int ret = conf_import(conf(), confile, true);
if (ret != KNOT_EOK) {
printf("Failed opening configuration file %s (%s)\n",
confile, knot_strerror(ret));
return false;
}
return true;
}
static bool init_conf_blank(const char *kasp_dir)
{
char confstr[200 + strlen(kasp_dir)];
snprintf(confstr, sizeof(confstr),
"template:\n - id: default\n storage: .\n kasp-db: %s\n", kasp_dir);
int ret = conf_import(conf(), confstr, false);
if (ret != KNOT_EOK) {
printf("Failed creating fake configuration (%s)\n",
knot_strerror(ret));
return false;
}
return true;
}
int main(int argc, char *argv[])
{
if (argc <= 1) {
print_help();
return EXIT_SUCCESS;
}
if (strcmp(argv[1], "--help") == 0) {
print_help();
return EXIT_SUCCESS;
}
if (strcmp(argv[1], "--version") == 0) {
print_version(PROGRAM_NAME);
return EXIT_SUCCESS;
}
int argpos = 1;
if (strlen(argv[1]) == 2 && argv[1][0] == '-') {
#define check_argc_three if (argc < 3) { \
printf("Option %s requires an argument.\n", argv[1]); \
print_help(); \
return EXIT_FAILURE; \
}
switch (argv[1][1]) {
case 'h':
print_help();
return EXIT_SUCCESS;
case 'V':
print_version(PROGRAM_NAME);
return EXIT_SUCCESS;
case 'd':
check_argc_three
if (!init_conf(NULL) || !init_conf_blank(argv[2])) {
return EXIT_FAILURE;
}
break;
case 'c':
check_argc_three
if (!init_conf(NULL) || !init_confile(argv[2])) {
return EXIT_FAILURE;
}
break;
case 'C':
check_argc_three
if (!init_conf(argv[2])) {
return EXIT_FAILURE;
}
break;
case 't':
check_argc_three
int tret = keymgr_generate_tsig(argv[2], (argc >= 4 ? argv[3] : "hmac-sha256"),
(argc >= 5 ? atol(argv[4]) : 0));
if (tret != KNOT_EOK) {
printf("Failed to generate TSIG (%s)\n", knot_strerror(tret));
}
return (tret == KNOT_EOK ? EXIT_SUCCESS : EXIT_FAILURE);
default:
printf("Wrong option: %s\n", argv[1]);
print_help();
return EXIT_FAILURE;
}
#undef check_argc_three
argpos = 3;
} else {
struct stat st;
if (stat(CONF_DEFAULT_DBDIR, &st) == 0 && init_conf(CONF_DEFAULT_DBDIR)) {
// initialized conf from default DB location
} else if (stat(CONF_DEFAULT_FILE, &st) == 0 &&
init_conf(NULL) && init_confile(CONF_DEFAULT_FILE)) {
// initialized conf from default confile
} else {
printf("Couldn't initialize configuration, please provide -c -C or -d options.\n");
return EXIT_FAILURE;
}
}
int ret = key_command(argc - argpos, argv + argpos);
conf_free(conf());
return (ret == KNOT_EOK ? EXIT_SUCCESS : EXIT_FAILURE);
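Review bot: The `Wrong zone-key command` branch in key_command (the `printf` followed by `goto main_end`) never assigns `ret`, so the function returns whatever `ret` held after context setup — judging by the `goto main_end` guard just above the dispatch chain, that is KNOT_EOK — and main then maps an unrecognised action to EXIT_SUCCESS; add `ret = KNOT_EINVAL;` before that `goto`, as the neighbouring `argc < 3` branches already do. The prologue of key_command, where `ret` is first assigned, lies outside the hunk, so this is inferred from the visible control flow. Separately, in main's new default-path fallback a failing `init_conf(CONF_DEFAULT_DBDIR)` prints `Failed opening configuration database ...` and the `else if` chain then quietly continues to CONF_DEFAULT_FILE, so a run that ultimately succeeds can still emit an error line; either probe the confdb without printing, or at least document the intended order with a comment above `struct stat st;`, e.g. `// Try the default confdb first, then the default config file; a failed first probe is not fatal.` Error paths in this branch also return before `conf_free(conf())`, which the success path now calls, so the partially initialised configuration is not released on failure.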